from the after-you dept

When Techdirt wrote recently about yet another secure email provider opting to close down its service rather than acquiesce in some future US government demand to spy on its users, we noted that Cryptocloud has promised something similar for a while -- what it terms "corporate seppuku":

In the context of privacy issues, "corporate seppuku" means shutting down a company rather than agreeing to become an extension of the massive, ever-expanding, secretive global surveillance network organized by the U.S. National Security Agency. It means, in short, saying "no." Sometimes, we hear people say that this or that company "had no choice" in what they did. Bullshit. There's always a choice; it's just that the consequences of certain options might be really severe, and are thus not chosen. But that's a choice. It's always a choice.

It has even formulated what it calls the Privacy Seppuku pledge:

if a company is served with a secret order to become a real-time participant in ongoing, blanket, secret surveillance of its customers... it will say no. Just say no. And it will shut down its operations, rather than have then infiltrated by spies and used surreptitiously to spread the NSA's global spook malware further. You can't force a company to do something if there's no company there to do it.

That one that went thru with the seppuku? She'll likely have a new service up and running in a few days or weeks. The customers who got dinged by the shutdown? They'll all get up and running on her new service. This is all 1s and 0s, remember? You don't have to demolish a car manufacturing plant, after all -- you're just wiping some VMs and reincorporating elsewhere. Lease new machines. Call it "lavabutt" on the new corporate docs, in Andorra. Sign on to the Privacy Seppuku pledge, as lavabutt, again. Off you go. Do you think it'll be hard to get customers -- old ones migrated over, and new ones alike? Think on that: a privacy company that shut down rather than be #snitchware... do you trust them, now?

That resilience flows from the service's digital nature, the availability of powerful but free software, and Moore's Law driving down the cost of commodity hardware. Put together, they make it easy to to recreate a business if it is shut down (apart from the lost data, of course.) The NSA will get this salient feature, CryptoStorm believes:

Spooks aren't dumb -- far from it. They do these kinds of analysis -- hell, they hire some of the best game theoretic minds in the world, and always have. Local cops might be power-drunk and unable to see how their actions play out over time; the NSA isn't any of that. They have whole buildings full of very smart people paid good money to think about this stuff. They won't get it wrong.

And the outcome is simple: if the Privacy Seppuku concept spreads, it becomes useless to target companies on the pledge list! You won't get what you want, you'll make some heroes who go out and do bigger stuff next, you'll out yourselves as dangerous thugs, your "secrecy" is shot to hell, and after all the effort involved you end up backwards from where you were before. That's the scenario, it's how it plays out. There's really no alternative scenario.

It's an optimistic vision, but the fact is that at the time of writing, only two services are listed as having made the Privacy Seppuku pledge -- Cryptocloud and Cryptocat. Until more join the club, it remains more a nice idea than a practical way of fighting back against today's mass surveillance.

from the debunk-that-myth dept

Throughout these revelations of NSA spying, the common refrain from supporters of the program was that there was strong oversight "from all three branches of government." We'd already questioned those claims, but with the recent revelations of widespread abuses, combined with the head of FISC (judicial branch) admitting that he relies on what the NSA tells him to do the oversight, and Senate Intelligence Committee chair Dianne Feinstein claiming to have never even seen a key document concerning abuses, not to mention that the NSA teaches its analysts how to hide relevant info from those in charge of oversight, it seems pretty clear that the idea of real oversight is a joke.

First, the Executive. After a review of internal NSA audits of the spying programs provided by Edward Snowden, the Postlays out—in stark detail—that the claims of oversight inside the Executive Branch are empty. The article reveals that an internal NSA audit not shown to Congress, the President, or the FISA Court detailed thousands of violations where the NSA collected, stored, and accessed American's communications content and other information. In one story, NSA analysts searched for all communications containing the Swedish manufacturer Ericsson and “radio” or “radar.” What's worse: the thousands of violations only include the NSA's main office in Maryland—not the other—potentially hundreds—of other NSA offices across the country. And even more importantly, the documents published by the Post reveal violations increasing every year. The news reports and documents are in direct contrast to the repeated assertions by President Obama (video), General James Clapper (video), and General Keith Alexander (video) that the US government does not listen to or look at Americans' phone calls or emails. So much for official pronouncements that oversight by the Executive was "extensive" and "robust."

Second, the FISA Court. The Post presents a second article in which the Chief Judge of the FISA Court admits that the court is unable to act as a watchdog or stop the NSA's abuses: “The FISC is forced to rely upon the accuracy of the information that is provided to the Court,” its chief, US District Judge Reggie B. Walton, said in a written statement. “The FISC does not have the capacity to investigate issues of noncompliance." Civil liberties and privacy advocates have long said that the FISA Court is a rubber stamp when it comes to the spying, but this is worse—this is the Court admitting that it cannot conduct the oversight the President and others have claimed it is doing. So much for claims by officials from the White House (video), NSA, DOJ, and Intelligence Committee members of Congress that the FISA Court is another strong pillar of oversight.

Third, the Congress. Last week, Representative Sensenbrenner complained that "the practice of classified briefings are a 'rope-a-dope operation' in which lawmakers are given information and then forbidden from speaking out about it." Members of Congress who do not serve on the Intelligence Committees in the both the House and Senate have had difficulty in obtaining documents about the NSA spying. Last week, it was even uncovered that the Chairman of the House Intelligence Committee, Rep. Mike Rogers, failed to provide freshmen members of Congress vital documents about the NSA's activities during a key vote to reapprove the spying. Senators Wyden and Udall have been desperately trying to tell the American people what is going on, but this year the House Intelligence committee's Subcommittee on Oversight has not met once and the Senate Intelligence committee has met publicly only twice.

So, the next time an NSA defender trots out those claims of strong oversight from all three branches, don't let them get away with it, since it's clearly not true.

from the there-we-go dept

As a bunch of folks have been sending in, on Thursday evening Stephen Colbert took on the NSA surveillance program in a clip that was filmed before all those additional details came out about the program. Still, it's worth watching:

He starts out amusingly:

Now, it's no secret I'm in favor of government surveillance. It's certainly no secret from the government.

Then there's this:

The President has heard your calls for more oversight. In fact, he's heard all your calls...

And then, of course, he discussed the fact that President Obama has confessed Congressional liar James Clapper setting up the oversight group:

See? Outside experts. Independent groups... which will be chosen by independent outside Director of National Intelligence James Clapper. The guy who lied to Congress 5 months ago about these programs, but assured us he gave "the least untruthful" answer he could. And I am confident that the group's report will include the most transparent bullshit legally allowed.

Nicely done. And yet more evidence of how mainstream this controversy is becoming.

from the urls-we-dig-up dept

Grilling up some hamburgers for the summer is a very common event, but some folks have problems with eating beef (or any meat). And some people are turned off by the possibility of eating horse meat in their burgers (though horse meat is consumed regularly in some places). Here are just a few stories on how we might improve burgers or avoid cows in the process.

Researchers at Kansas State University have created a burger rich with omega-3 fatty acids. According to the scientists, "As a society, Americans' consumption of fish, especially fish that contributes to these omega-3 fats, is quite low compared to other proteins. ... Americans do, however, like hamburgers. So if we can give people a hamburger that is rich in omega-3s, it's an alternative form of a product that they already eat and does not require a lifestyle change, which is difficult to make." [url]

from the wake-up-congress dept

Ever since the Snowden leaks broke, we've been hearing from a variety of people about how the whole thing was likely to "blow over," that most Americans really aren't that concerned about the feds snooping through their stuff, and that everything would go back to normal before long. We've been suggesting that this was an unlikely storyline, but it's allowed some in Congress to more or less ignore the growing controversy. Of course, it appears they're starting to realize this was a mistake. A new poll that was conducted before the latest revelations (which are, by far, the worst revelations yet) show quite a lot of concern from the public:

A July Washington Post-ABC News poll — before the latest disclosures reported by The Post — found fully 70 percent of Democrats and 77 percent of Republicans said the NSA’s phone and Internet surveillance program intrudes on some Americans’ privacy rights. What’s more, Democrats and Republicans who did see intrusions were about equally likely to say they were “not justified:” 51 and 52 percent respectively. Nearly six in 10 political independents who saw intrusions said they are unjustified.

from the either-you-help-us-spy-on-people-or-you're-a-criminal dept

The saga of Lavabit founder Ladar Levison is getting even more ridiculous, as he explains that the government has threatened him with criminal charges for his decision to shut down the business, rather than agree to some mysterious court order. The feds are apparently arguing that the act of shutting down the business, itself, was a violation of the order:

... a source familiar with the matter told NBC News that James Trump, a senior litigation counsel in the U.S. attorney’s office in Alexandria, Va., sent an email to Levison's lawyer last Thursday – the day Lavabit was shuttered -- stating that Levison may have "violated the court order," a statement that was interpreted as a possible threat to charge Levison with contempt of court.

That same article suggests that the decision to shut down Lavabit was over something much bigger than just looking at one individual's information -- since it appears that Lavabit has cooperated in the past on such cases. Instead, the suggestion now is that the government was seeking a tap on all accounts:

Levison stressed that he has complied with "upwards of two dozen court orders" for information in the past that were targeted at "specific users" and that "I never had a problem with that." But without disclosing details, he suggested that the order he received more recently was markedly different, requiring him to cooperate in broadly based surveillance that would scoop up information about all the users of his service. He likened the demands to a requirement to install a tap on his telephone.

It sounds like the feds were asking for a full on backdoor on the system, not unlike some previous reports of ISPs who have received surprise visits from the NSA.

from the and-here-we-are-on-the-titanic dept

Following the latest revelations of widespread abuses by the NSA, Senators Mark Udall and Ron Wyden -- who had just recently warned that the intelligence community was not being upfront about abuses -- have put out a statement saying that there's still a lot more that hasn't yet been revealed:

The executive branch has now confirmed that the rules, regulations and court-imposed standards for protecting the privacy of Americans have been violated thousands of times each year. We have previously said that the violations of these laws and rules were more serious than had been acknowledged, and we believe Americans should know that this confirmation is just the tip of a larger iceberg.

They point out that they really can't reveal the details, but they're hopeful that President Obama and the intelligence community recognizes that it's better for them to come clean themselves. The obvious implication is that everyone knows that there are still thousands of documents held by reporters, and these other abuses are likely to come to light before long:

While Senate rules prohibit us from confirming or denying some of the details in today's press reports, the American people have a right to know more details about the scope and severity of these violations, and we hope that the executive branch will take steps to publicly provide more information as part of the honest, public debate of surveillance authorities that the Administration has said it is interested in having.

In particular, we believe the public deserves to know more about the violations of the secret court orders that have authorized the bulk collection of Americans' phone and email records under the USA PATRIOT Act. The public should also be told more about why the Foreign Intelligence Surveillance Court has said that the executive branch's implementation of Section 702 of the Foreign Intelligence Surveillance Act has circumvented the spirit of the law, particularly since the executive branch has declined to address this concern.

If the past is any indication, the intelligence community and the White House will ignore this. Sooner or later they're going to have to realize that every misrepresentation, every denial later proven false and every outright lie is only making things even worse. The window has probably already passed for the administration and the intelligence community to regain the trust of the public, but if it's going to happen, having the government come clean would be a good start.

from the they-can't-be-serious dept

Been wondering how the usual pack of NSA defenders would be trying to spin the revelations of massive violations of the law by the NSA? I've assumed that most would focus on the fact that it's claimed (without real evidence) that these abuses were "accidents" or "typos" (by which you also alert NSA agents exactly how to abuse the system without getting in trouble for it: just make it look like a typo). And here we have a version of this that I expect to see a few politicians trot out. Jason Healey, who is a former "director of cyber infrastructure" for the White House from 2003 to 2005. has trotted out the trial balloon claiming that these thousands of abuses mean "the system is working."

NSA 'privacy violations' reflects system working well. My 1st job was writing such violation reports, ensure US info was purged from system

We'll wait while you try to stop laughing. Need a bit more time? Okay. *Glances at watch* Okay, now, seriously, I'm assuming his argument is that the fact that there was a secret report noting all of these thousands of abuses means that the "auditing" and "review" process within the NSA proves that those processes "work" in "catching" abuses. This is wrong on so many levels. Let's discuss just a few, because, really, we don't have all day:

Just because this report notes thousands of abuses, it doesn't mean that many other, potentially worse, abuses didn't happen and just didn't make it into the report. In fact, given how widely the systems appear to be abused, this seems almost certain. The NSA argues that random errors, typos and accidents lead to the mistakes in the first place, yet now we're supposed to believe that there were no such errors in collecting the list of violations and abuses? Really?

As we've been discussing, the way these abuses are classified actually makes it painfully obvious to any NSA analyst worth his or her pocket protector just how to abuse the system and get away with it. If these abuses were rare, and not an everyday occurrence, it would be harder to get away with. But with multiple abuses every single day, it's not difficult to disguise a purposefully abusive search into one that looks "accidental."

The fact that there are so many abuses, and that the number has grown over time shows that the system is clearly not working. If it was, they'd be reducing the violations consistently.

Just because an abuse is written up, it doesn't excuse the abuse happening in the first place.

And, as mentioned we could go on and on and on. But, honestly, how can anyone want to be taken seriously and then argue that thousands of abuses of the law and violations of the privacy of Americans "reflects [the] system working well"? About the only way it shows the system is working well is if the plan was to spy on Americans against the law all along.

from the not-just-about-us-persons dept

I know that one thing I've heard from a bunch of foreigners during the past few months concerning the debates over the NSA's surveillance programs is that they don't understand why everyone's so focused on the issue of "US persons," since that implies we really don't care at all about the fact that the NSA has no restrictions at all on spying on every communication from everyone else in the world. And, that's a valid point. Of course, if we're focusing on just the pure flat out law-breaking by the NSA, the US persons issue is important, because they're not allowed to do that. But, it shouldn't minimize the fact that if you're not a "US person" under the NSA's definition, you're totally fair game. And while we've already mentioned the whole "accidental" collection of a bunch of phone call metadata from Washington DC by the NSA, it's worth revisiting it as well in this context. Most of the coverage has just focused on the fact that the NSA collected so much data on calls coming out of DC:

In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.

Right, but if they did that "correctly" it would have meant info on a "large number" of calls from Egypt all would have been collected. And, given this information, it seems quite likely that once the "programming error" was "corrected" those Egyptian call info did start getting sucked up into the machine. Now, some in the US might not mind that, but I'd imagine that people in Egypt and around the globe outside of the US are probably looking at that and are not at all happy about it. The fact that an analyst can just plug in their entire country code and "intercept" calls without (it appears) any oversight (which, of course, would have caught the 202/20 error) seems ripe for massive abuse, which is unlikely to get recorded in any report.

from the and-even-pelosi-is-disturbed dept

It appears that with the latest revelations of abuses by the NSA, Congress is making noises about actually doing something about it this time. Senator Leahy seems quite reasonably ticked off, calling for new hearings in which he appears to make it clear that he's not at all happy that the intelligence community was less than honest during the last hearings:

"The American people rely on the intelligence community to provide forthright and complete information so that Congress and the courts can properly conduct oversight. I remain concerned that we are still not getting straightforward answers from the NSA," Leahy said in a statement.

"I plan to hold another hearing on these matters in the Judiciary Committee and will continue to demand honest and forthright answers from the intelligence community."

Of course, one could argue that it was clear during those hearings last month that the answers were not particularly truthful, so this does have a bit of a "for show" feeling to it. But, it's becoming clearer that even if the NSA had a slight majority of support in Congress recently, that too may be eroding. Even Nancy Pelosi, who may have single-handedly saved the NSA's ability to collect all info on every phone call under Section 215 of the Patriot Act a few weeks ago, is now saying that these latest revelations are extremely disturbing. Of course, perhaps she should have investigated that a little more before making sure the NSA could continue doing what it was doing...

from the lying-will-get-you-nowhere dept

It's been clear that various defenders of the NSA program have been lying, but given yesterday's revelations, now we can show just how much and how explicitly they were lying. It was just a couple weeks ago at the Black Hat conference that Keith Alexander told an audience that a review of NSA activities showed no violations at all:

Congress did a review of this program over a four-year period, the Senate Select Committee on Intelligence. And over that four-year period, they found no willful
or knowledgeable violations of the law or the intent of the law in this program.

More specifically, they found no one at NSA had ever gone outside the boundaries of what we’ve been given. That’s the fact. What you’re hearing, what you’re seeing, what people are saying is, well, they could. The fact is they don’t. And if they did, our auditing tools would detect them, and they would be held accountable.

Note the hedge in the first paragraph, that they found "no willful or knowledgeable violations." And, indeed, the Inspector General's report revealed last night notes that most of the violations they found were accidental. But, the line between "accidental" and "intentional but covered up by claiming it was an accident" is a somewhat fuzzy line. If you're an NSA analyst who wants to spy on someone, given how the agency treats "accidental" searches as no big deal, it appears that all you have to do is figure out a way to write a query that you can then claim accidentally, or "incidentally" just happened to collect the information you were looking for. "Oops."

Either way, even with those caveats in the first paragraph, in the second paragraph Alexander makes claims without such caveats. There he argues that "no one at NSA had ever gone outside the boundaries of what we've been given. That's a fact." Actually, that's a lie. As the report showed quite clearly, there are thousands of incidents in which they went outside the boundaries. That they were "accidental" or "incidental" doesn't change that fact.

from the he-clearly-disclosed-abuse dept

It is actually not a hard question to answer. The Whistleblower Protection Act protects "any disclosure" that a covered employee reasonably believes evidences "any violation of any law, rule, or regulation," or "gross mismanagement, a gross waste of funds, and abuse of authority, or a substantial and specific danger to public health or safety."

It goes on to give some evidence of how Snowden's leaks fit into those categories:

In the two months since Snowden's alleged disclosures, no fewer than five lawsuits have been filed challenging the legality of the surveillance programs he exposed. The author of the Patriot Act, Rep. James Sensenbrenner (R-Wis.), called the scope of data collection revealed in one of the leaked Foreign Intelligence Surveillance Court orders "incredibly troubling," and "an overbroad interpretation of the Act" that "raise[s] questions about whether our constitutional rights are secure."

It doesn't end there. Over a dozen bills have been introduced in Congress to narrow these now public surveillance authorities and increase transparency regarding continuing programs. No one can know what was in Edward Snowden's mind, but clearly he could have had a reasonable belief the documents he leaked to the news media revealed government illegality and abuse of authority.

The disclosures also revealed that U.S. military officers and intelligence community officials have been less than truthful in their public comments and congressional testimony about the government's domestic surveillance practices, both in the scope of the programs and their effectiveness. Such false and misleading testimony threatens more than just Americans' privacy; it threatens democratic control of government.

Of course, even then, some argued that since the revelations did not, in fact, reveal direct "abuses," he still wasn't a "whistleblower." But that's no longer true. As we've been detailing, his leaks have led to the clear evidence of not just a few random abuses, but rather thousands of abuses by the NSA every year.

So can we drop whatever name calling game people are playing and agree that he meets the definition of a whistleblower?

from the this-is-where-we-were-headed-all-along? dept

Remember last week's press conference, where President Obama insisted that he had already kicked off the process of a major review of the way we do intelligence and surveillance in this country -- and about how he was going to set up an "outside" review group to look all this over? The same review group that will be set up by and report to James Clapper (but, the White House assures us, not run by him)?

“They kicked me off,” said former Rep. Lee Hamilton (D-Ind.). “I was on it a long time under Bush and under Obama. They wanted to make some changes.”

“I don’t know anything about whether they’ve brought in new members. They thanked me and that’s about all I know,” added Hamilton, widely known for his service as vice chairman of the 9/11 Commission.

[....] Philip Zelikow, who served as executive director of the 9/11 Commission and later as a top aide to Secretary of State Condoleezza Rice, was also asked recently to step off the PIAB.

“I’ve resigned from the Board, one of ten of the fourteen earlier members who have done so,” Zelikow said via email. “Four of the earlier members have remained, pending a reconstitution of the Board at some point for the balance of the President’s second term. The White House website displays the current situation, pending that.”

Hamilton's ouster is particularly interesting, given that just a month ago, he wrote an oped piece about how the NSA's surveillance efforts have gone too far. Seems like he'd be handy to have on this committee reviewing the NSA surveillance, no? So, forgive us for, once again, finding it difficult (or laughable) to believe President Obama's claims that he had a serious revamp of the NSA's surveillance activity in his priorities before the Snowden leaks happened. It seems clear that things were going in the other direction: ramping up the spying, while cutting back on the oversight and review.

from the and-yet-push-to-renew-the-law? dept

We already mentioned this in our initial post about Barton Gellman's incredible Washington Post expose on NSA abuses, but one of the many astounding revelations was the claim that Senator Dianne Feinstein, the head of the Senate Intelligence Committee and the primary defender of the programs in the Senate, who has always tried to block or shut down any debate over these provisions, claims that she was unaware of the Inspector General's report that highlighted thousands of abuses:

Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.), who did not receive a copy of the 2012 audit until The Post asked her staff about it, said in a statement late Thursday that the committee “can and should do more to independently verify that NSA’s operations are appropriate, and its reports of compliance incidents are accurate.”

First of all, any statement from Feinstein arguing that her own committee should do more oversight of the NSA is startling. Remember, this is the same Senator who, during that debate over this program last year, ridiculously announced that she was going to wave the paper with the "secret" reason for why the program had to be renewed.

"I'd like to just show that classified letter, if I might. It's classified, so I can't read it to you. I don't happen to have it here, but as soon as someone brings it, I will wave it for a moment so that you see it."

And yet, now she's claiming that she never saw the required Inspector's General report that detailed all of these abuses? It's not as if the existence of this report was a secret. The Justice Department issued a public announcement last November 7th, stating that this report had been completed. And, there had been some public discussion about the classified report, because (at the very least) both Steven Aftergood and Julian Sanchez have filed FOIA requests on the document. In Sanchez's case, you may recall, he'd actually filed a FOIA request for an earlier version of the report -- again, whose existence was public knowledge -- and the DOJ told him it couldn't even confirm the existence of the report. While they later admitted that was an error, they still never delivered the document to Sanchez.

Towards the end of last year, Sanchez regularly made the point that it was ridiculous that this report, which had direct information pertaining to the FISA Amendments Act, and any abuses would remain classified throughout the period of time in which Congress was debating its renewal.

And now we're supposed to believe that Senator Feinstein had not seen this report? The report that directly assessed whether or not the program that she was the major proponent of, and whose oversight she was in charge of, had been abused? It seems rather obvious that Feinstein is either lying or incompetent here. The most charitable response would be that she or her staff didn't actually understand what it was Gellman had asked, when he talked about the report, but even that is tough to believe.

As such, her response that her own committee needed to "do more" seems even more ridiculous. If we take her at her word, it would seem that "do more" would mean at least reading the freaking review of the very program you were defending and renewing to see the details of the program's abuse... How can the Senate allow her to remain in charge of this committee when by her own public admission she didn't even look at a key report over what she insisted was the key program they were renewing last year?

from the not-the-crime,-but-the-cover-up dept

Among the many, many incredible revelations from the Washington Post report on the abuses by the NSA is a tidbit about an interview that the Post was able to do with the NSA's director of compliance, John DeLong, followed by the White House's attempt to completely whitewash the interview and block his quotes from being used, despite the Post being told otherwise initially:

The Obama administration referred all questions for this article to John DeLong, the NSA’s director of compliance, who answered questions freely in a 90-minute interview. DeLong and members of the NSA communications staff said he could be quoted “by name and title” on some of his answers after an unspecified internal review. The Post said it would not permit the editing of quotes. Two days later, White House and NSA spokesmen said that none of DeLong’s comments could be quoted on the record and sent instead a prepared statement in his name. The Post declines to accept the substitute language as quotations from DeLong.

Read that again. This is the same White House that has been saying that they want to be as transparent as possible and to rebuild trust. And yet, here they are trying to block the Post from using an interview -- an interview they suggested in the first place -- and then to replace it with a bland and bogus "statement."

“You can look at it as a percentage of our total activity that occurs each day,” he said. “You look at a number in absolute terms that looks big, and when you look at it in relative terms, it looks a little different.”

This was a senior NSA official, almost certainly the NSA's "compliance director," arguing, in effect, "we do so much spying that a few thousand mistakes per year is really no big deal." Except, remember, throughout all of this, all of the NSA's defenders, from President Obama to James Clapper to Keith Alexander to Mike Rogers, keep insisting that abuse is next to impossible.

Yet, now even the NSA is admitting that "in absolute terms" there's a lot of abuse, but we shouldn't worry our pretty little heads about it, because in relative terms, it's not that much. This is the point at which anyone who understands the difference between absolute and relative numbers, and when each is the appropriate measure to use, starts coughing up a lung. The relative amount is meaningless here. The absolute number means everything, because it shows that abuse is widespread and happens daily -- something that the program's defenders have been trying to deny for months.

from the absolutely-incredible dept

Among the many stunning things in the report from Barton Gellman and the Washington Post last night was the fact that it totally debunked President Obama's statements from less than a week ago, arguing (1) that these programs were not abused and (2) that no one was "listening in on people's phone calls (see update below). Both of those appear to be untrue. Here were President Obama's direct comments at last week's press conference:

If you look at the reports, even the disclosures that Mr. Snowden’s put forward, all the stories that have been written, what you’re not reading about is the government actually abusing these programs and, you know, listening in on people’s phone calls or inappropriately reading people’s e-mails.

What you’re hearing about is the prospect that these could be abused. Now part of the reason they’re not abused is because they’re — these checks are in place, and those abuses would be against the law and would be against the orders of the FISC

And yet, the Inspector General's report shows that just in the DC area alone there were thousands of violations and abuses, and some included intercepting the content of tons of phone calls in the DC area. Update: In an update, the Washington Post admits that the report was about metadata, not actual content, and they had misreported this initially.

Now, I know that some will take the cynical stance that politicians will just lie with abandon and not care about it. But the fact is that while many (perhaps all) are less than truthful at times, they very, very rarely will bumble into making a major statement like this that can be shown to be flat out false in black and white like this in a setting where the remarks were carefully scripted. So here's the thing I don't understand: by this point, the government must at least have some idea of what documents Snowden got, even if they haven't quantified all of them. They had to know that this Inspector's General report was out there and there was a high likelihood that Snowden had leaked it as well.

So I honestly can't figure out what the White House was thinking in having Obama make such a statement. You can argue that he offered a lie for convenience, and hoped that the truth wouldn't come out, but the White House had to know that there was a very high probability of him being proven a liar very soon after making those statements, which then would undermine the entire purpose of the press conference. Yes, politicians lie, but they lie for strategic reasons, and here it seems like the White House can't even think one step ahead in this chess game. Without last week's press conferences, the disclosures from last night would still be stunning and damaging, but coming so soon after the press conference, they're devastating.

from the and-the-hits-keep-coming dept

There's so much information that's coming out of last night's Washington Post bombshell that just continues to yield incredible information about what defenders of these programs have been saying as compared to what's actually happening. Here's another one. One of the documents released with the report, via Ed Snowden, shows that NSA agents were directly told to give their overseers as little information as possible. The document explains to agents the process for justifying why they were requesting targeting (i.e., a more detailed look concerning an individual or group -- not just at that person's communications, but potentially anyone even remotely connected to them), and makes it clear that they are to give the bare minimum necessary to fulfill their reporting requirements, but not even the slightest bit beyond that. In fact, they're told to give a single short sentence, and to make sure it includes no "extraneous information."

The basic premise of this process is to memorialize why you the analyst have requested targeting. This rationale will be provided to our external FISA Amendment Act (FAA) overseers, the Department of Justice and Office of the Director of National Intelligence, for all FAA targeting.

While we do want to provide our FAA overseers with the information they need, we DO NOT want to give them any extraneous information.... This rationale can be no longer than one short sentence.

The document goes on to list a variety of "example" rationale sentences, all pretty short and sweet, which basically demonstrate to NSA agents how to remove any pertinent information for oversight, while still giving a "reason" for targeting someone. It's a lesson in stripping out information and, as the Washington Post notes, replacing it with "generic" info that will pass muster with the folks supposedly in charge of oversight. As an aside, while parts of them are redacted, there are a few "fake" names given, including "Mohammad Badguy" and "Muhammad Fake Name." No profiling there.

Either way, this once again suggests that the "oversight" going on here is something of a joke. Analysts are directly being told to be careful not to explain very much at all, giving the briefest ("one short sentence, no extraneous information") basis for getting access to all sorts of information concerning a "target" -- which might include a variety of communications and metadata concerning a huge number of people very, very, very loosely connected with that target. It certainly suggests that this idea of "oversight" is pretty laughable. Concoct a one sentence "rationale" that sounds vaguely plausible, and it appears that no one's going to ask any questions at all.

And then explains what to do about it. They're pretty clear that if you're directly targeting a US person, that's a problem (and it is, because that's illegal). If it's considered "inadvertent," then you also have to stop, write up an incident report and notify people. That sounds reasonable. But... then there's the "incidental" section. Here, incidental is described as:

You targeted a legitimate foreign entity and acquired information/communications to/from/about a U.S. Person in your results.

That doesn't seem particularly "incidental" to me. But, here's the kicker. While with all the other forms of collection the NSA is told to stop, when it's "incidental" they're told:

This does not constitute a USSID SP008 violation, so it does not have to be reported in the IG quarterly.

Note that the IG report is the one that was revealed, listing all of the abuses. Yet, here they seem to be indicating that these "incidental" collections of information (and note that it's not just "metadata" here, but full "communications" as well) aren't a real problem. They're told to "apply... minimization procedures" to limit the info on US persons, but we've already seen what a joke those minimization procedures can be.

As Gellman also notes in his report, it appears that the info collected "incidentally" here gets added to NSA databases and can be searched freely:

The NSA uses the term “incidental” when it sweeps up the records of an American while targeting a foreigner or a U.S. person who is believed to be involved in terrorism. Official guidelines for NSA personnel say that kind of incident, pervasive under current practices, “does not constitute a . . . violation” and “does not have to be reported” to the NSA inspector general for inclusion in quarterly reports to Congress. Once added to its databases, absent other restrictions, the communications of Americans may be searched freely.

Just last week, it was discussed that there's a "loophole" that, according to Senator Wyden, allows for "warrantless searches for the phone calls or emails of law-abiding Americans." Who knows if this is that particular loophole, but it does seem like a fairly large loop. Just say it's "incidental" and boom, search away.

Remember, the IG report also reveals that a "programming error" meant that a ton of phone calls placed from Washington DC were "intercepted" by the NSA (because someone typed in 202, DC's area code, instead of 20, Egypt's country code) -- and that mistake wasn't reported. That doesn't seem "incidental" to me.

Another example:

In dozens of cases, NSA personnel made careless use of the agency’s extraordinary powers, according to individual auditing reports. One team of analysts in Hawaii, for example, asked a system called DISHFIRE to find any communications that mentioned both the Swedish manufacturer Ericsson and “radio” or “radar” — a query that could just as easily have collected on people in the United States as on their Pakistani military target.

Think about that for a second. Any communication that mentions both Ericsson and "radio" or "radar." Just for the hell of it, I just did a search on my own email account for the terms "Ericsson" and "radio" and it came back with a ton of results, including 47 from just 2013. In just my mailbox. Many of those are from various wireless news letters or PR announcements, but still...

The Wall Street Journal reported that the ACLU is helping coordinate Snowden’s legal defense in the U.S.

The full WSJ article is behind a paywall, but it states:

The elder Mr. Snowden participated in the chat from the Washington, D.C., office of his attorney, Bruce Fein, and was connected to his son with the help of Ben Wizner, an attorney with the American Civil Liberties Union, who is involved in coordinating Mr. Snowden's legal defense in the U.S.

As Greenwald notes, that's very good news. It also suggests that the claims that Snowden's legal efforts are somehow in the hands of Julian Assange are also not true.